Side-channel analysis apparatus and method based on profile

ABSTRACT

A side channel analysis apparatus based on a profile includes a waveform collection unit configured to collect leaked information from a target device of a side channel analysis; and a preprocessing unit configured to preprocess a waveform data correspond to the leaked information collected from the waveform collection unit before analyzing same. Further, the side channel analysis apparatus includes an analysis unit configured to analyze the waveform data preprocessed in the preprocessing unit; and a profile configuration unit configured to make each process of the waveform collection unit, the preprocessing unit, and the analysis unit into a process and configure a profile for managing each process by connection of each process.

CROSS-REFERENCE TO RELATED APPLICATION(S)

The present invention claims priority of Korean Patent Application No.10-2012-0058684, filed on May 31, 2012, which is incorporated herein byreference.

FIELD OF THE INVENTION

The present invention relates to a side channel analysis; and moreparticularly to a side channel analysis apparatus and method based on aprofile, which are capable of making all processes of the side channelanalysis of collecting a waveform, preprocessing, and analyzing and thelike easily understood through referring to the profile.

BACKGROUND OF THE INVENTION

Typically, side channel analysis is a technology finding a key of acryptographic module by collecting, preprocessing, analyzing waveformsof power, electromagnetic waves and the like generated when thecryptographic module of an apparatus to be analyzed is operated througha waveform collection device such as an oscilloscope.

Further, a current side channel analysis system mainly performs the sidechannel analysis by the waveform. In process of collecting,preprocessing, and analyzing the waveform, whenever each processprogresses, each process exports results thereof in a waveform. However,if only a result waveform of each process is provided, what relationshipexists between the result waveforms, whether the result waveform isgenerated in any order, and what parameters have been used in eachprocess may not be clearly known.

For example, the waveform is collected and stored through a waveformcollection device, but it is difficult to know, by viewing the storedwaveform, what waveform collection device is used, what sampling speedis applied, and what protocol is used to store the waveform and thelike. Further, when the waveform is preprocessed several times, it isdifficult to know, by only viewing the stored several waveforms, whatwaveform is preprocessed through which preprocessing and what parametervalues are used in the preprocessing. Therefore, it is difficult toinstruct know-how of analysis.

SUMMARY OF THE INVENTION

In view of the above, the present invention provides side channelanalysis apparatus and method based on a profile, which are capable ofmaking all processes of a side channel analysis of collecting awaveform, preprocessing, and analyzing and the like easily understoodthrough referring to the profile by making each process of the sidechannel analysis through collecting waveform, preprocessing, andanalyzing into a process in a side channel analysis system, making aprofile for managing each process by connection of each process, thusenabling a parameter used in each process and each waveform of operationresult of each process to be easily confirmed.

In accordance with a first aspect of the present invention, there isprovided a side channel analysis apparatus based on a profile,including: a waveform collection unit configured to collect leakedinformation from a target device of a side channel analysis; apreprocessing unit configured to preprocess a waveform data correspondto the leaked information collected from the waveform collection unitbefore analyzing same; an analysis unit configured to analyze thewaveform data preprocessed in the preprocessing unit; and a profileconfiguration unit configured to make each process of the waveformcollection unit, the preprocessing unit, and the analysis unit into aprocess and make a profile for managing each process by connection ofeach process.

Further, the profile configuration unit may make a side channel analysistask about the target device of the side channel analysis into oneproject, make a plurality of profiles in a lower level of the project,and make a waveform collection process, preprocessing processes, andanalysis processes in a lower level of each process to connect eachother.

Further, the profile configuration unit may display parameters used ineach process, and drives each process by the parameters.

Further, the process may receive a waveform of a previous process togenerate a new waveform, and input the new generated waveform to asubsequent process.

In accordance with a second aspect of the present invention, there isprovided a method for analyzing a side channel based on a profile. Themethod includes collecting a waveform by collecting leaked informationfrom a target device of the side channel analysis; preprocessing awaveform data corresponding to the leaked information collected from thewaveform collection unit before analyzing the waveform; analyzing thewaveform data preprocessed in the preprocessing unit; and making each ofsaid collecting a waveform, preprocessing a waveform data, and analyzingthe waveform data into a process to make a profile.

Further, said making a profile may include making a side channelanalysis task about the target device of the side channel analysis intoone project about the side channel analysis target equipment; making aplurality of profiles in a lower level of the project; and making awaveform collection process, preprocessing processes, and analysisprocesses in a lower level of each profile to connect each other.

Further, said making a profile may be performed such that parametersused in each process are displayed, and each process is driven by theparameters.

Further, the process may receive the waveform of a previous process togenerate a new waveform, and input the new generated waveform to asubsequent process.

In accordance with the present invention, it is possible to make allprocesses of a side channel analysis of collecting, preprocessing,analyzing a waveform and the like easily understood through referring tothe profile by making each process of the side channel analysis into aprocess through collecting, preprocessing, and analyzing a waveform in aside channel analysis system, making a profile for managing each processby connection of each process, thus enabling a parameter used in eachprocess and each waveform of operation result of each process to beeasily confirmed.

Further, if an analysis method for the side channel analysis of oneapparatus to be analyzed is instructed to a side channel certificationauthority by making a profile, each side channel certification authoritymay easily understand the method for the side channel analysis of thedevice through the profile. At this time, if the profile is initialized,the result waveform of each process is reset. Thereafter, if the profileis driven by connecting the waveform collection device with the deviceto be analyzed, the same result as that of the instructed certificationauthority may be obtained. Therefore, know-how of the analysis may beeasily instructed.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects and features of the present invention will become apparentfrom the following description of embodiments given in conjunction withthe accompanying drawings, in which:

FIG. 1 is a detailed block diagram showing a side channel analysisapparatus based on a profile in accordance with an embodiment of thepresent invention;

FIG. 2 is an exemplary diagram showing the configuration of a profile inaccordance with the embodiment of the present invention;

FIG. 3 is an exemplary diagram showing a profile list and a parameter inaccordance with the embodiment of the present invention;

FIG. 4 is an exemplary diagram showing composition of process andcommands in accordance with the embodiment of the present invention; and

FIG. 5 is a diagram showing a structure of a profile in accordance withthe embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Hereinafter, embodiments of the present invention will be described indetail with reference to the accompanying drawings which form a parthereof.

In the following description of the present invention, if the detaileddescription of the already known structure and operation may confuse thesubject matter of the present invention, the detailed descriptionthereof will be omitted. The following terms are terminologies definedby considering functions in the embodiments of the present invention andmay be changed operators intend for the invention and practice. Hence,the terms need to be defined throughout the description of the presentinvention.

FIG. 1 is a detailed block diagram showing a side channel analysisapparatus 100 based on a profile, and may include a waveform collectionunit 110, a preprocessing unit 120, an analysis unit 130, and a profileconfiguration unit 140 in accordance with an embodiment of the presentinvention.

Hereinafter, the operation in each unit of the side channel analysisapparatus 100 of the present invention will be described in detail withreference to FIG. 1.

First, the waveform collection unit 110 may include an externalmeasuring device for collecting leaked information (e.g., powerconsumption, electromagnetic wave and the like) leaked from electronicsecurity equipment which is target of side channel analysis and anoscilloscope connected thereto. In other words, the waveform collectionunit 110 may be configured to measure the leaked information using theexternal measuring device and to collect waveform data through theoscilloscope.

The preprocessing unit 120 may receive at least part of waveform datacollected by the waveform collection unit 110 to preprocess the receivedwaveform data for easy analysis. The analysis unit 130 may generate aresult of the side channel analysis on the waveform data to be analyzedwhich is preprocessed by the preprocessing unit 120.

At this time, the waveform collection unit 110, the preprocessing unit120, and the analysis unit 130 may have a configuration of beingoperated independently and in parallel. In other words, each unit of theside channel analysis apparatus 100 shown in FIG. 1 in accordance withthe present invention may be implemented by a computer program includingmulti-processor multi-thread capable of performing functions describedabove in parallel and a computer device capable of driving the computerprogram.

The profile configuration unit 140 may make each process of collectingwaveform, preprocessing, and analyzing, which is performed in each ofthe waveform collection unit 110, the preprocessing unit 120, theanalysis unit 130 and the like into a process, and may make a profilefor managing each process by connection of each process. Specifically,the profile configuration unit 140 makes a side channel analysis taskabout the target device of the side channel analysis into one project,makes a plurality of profiles in a lower level of the project, and makesa waveform collection process, preprocessing processes, and analysisprocesses in a lower level of each process to connect each other. Atthis time, each process may have each parameter, and each process may bedriven by setting these parameters. Each process receives and processesa waveform of previous process to generate a different waveform, andtransmits the generated waveform to subsequent process.

Therefore, the flow of the processes from collecting to analyzing thewaveform may clearly be seen, and the parameters of each process may beeasily understood. Further, the waveform which is the result ofoperation of each process may be easily seen. Therefore, anyone mayclearly understand a method for collecting, preprocessing and analyzingof the waveform if only to see the profile.

Hereinafter, an operation of the profile configuration unit 140 will bedescribed in detail referring to FIGS. 2 to 5.

Referring to FIG. 2, inside a box marked with the reference number 200is one profile.

A profile called ‘Card’ is included in project ‘CHES2011’. The startprocess of the ‘Card’ profile is a process of collecting a waveform inthe waveform collection unit 110 using the oscilloscope.

Thereafter, it may be seen that several preprocessing processes andanalysis processes are connected. The connection between each processmay be made by dragging and dropping each process in a process list ofleft box marked with the reference number 300 shown in FIG. 3. Further,if each process is clicked, parameters of each process appear in aproperty editor window (Property Editor) of right box marked with thereference number 302 shown in FIG. 3, and the value of the parametersmay be set.

Further, each process may be individually operated by command icons 400included under a process as shown in FIG. 4, and all processes includedin the profile may be simultaneously operated by profile command in FIG.3.

As shown in FIGS. 2 and 3, in analyzing one analysis device, one profileis made, connections between processes of collecting a waveform,processes of preprocessing and analyzing may be clearly seen, and ifeach process is selected, parameters of the selected process appear inthe property window thus may be easily seen. Further, since the resultwaveform of each process (a waveform collection process and apreprocessing process) or the result of analysis is easily seen,know-how of analysis may be easily instructed although the profile isnot one's own profile but an instructed profile because.

FIG. 5 is a diagram showing a structure of a profile in accordance withthe embodiment of the present invention.

As shown in FIG. 5, a project 500 about the side channel analysis existsat the top level, and a plurality of profiles 502 are included in theproject 500.

Further, a waveform collection process 504, a preprocessing process 506,and an analysis process 508 exist in a lower level of each profile 502.

Therefore, the result waveform of each process (the waveform collectionprocess and the preprocessing process) or the result of analysis may beeasily understood and, know-how of the analysis may be easily instructedalthough the profile is not one's own profile but an instructed profile.

As described above, if an analysis method for the side channel analysisof one apparatus to be analyzed is instructed to a side channelcertification authority by making a profile, each side channelcertification authority may easily understand the method for the sidechannel analysis of the device through the profile. At this time, if theprofile is initialized, the result waveform of each process is reset.Thereafter, if the profile is driven by connecting the waveformcollection device with the device to be analyzed, the same result asthat of the instructed certification authority may be obtained.Therefore, know-how of the analysis may be easily instructed.

Further, it is possible to make all processes of a side channel analysisof collecting, preprocessing, analyzing a waveform and the like easilyunderstood through referring to the profile by making each process ofthe side channel analysis into a process through collecting,preprocessing, and analyzing a waveform in a side channel analysissystem, making a profile for managing each process by connection of eachprocess, thus enabling a parameter used in each process and eachwaveform of operation result of each process to be easily confirmed.

While the invention has been shown and described with respect to theembodiments, the present invention is not limited thereto. It will beunderstood by those skilled in the art that various changes andmodifications may be made without departing from the scope of theinvention as defined in the following claims.

What is claimed is:
 1. A side channel analysis apparatus based on aprofile, comprising: a waveform collection unit configured to collectleaked information from a target device of a side channel analysis; apreprocessing unit configured to preprocess a waveform data correspondto the leaked information collected from the waveform collection unitbefore analyzing same; an analysis unit configured to analyze thewaveform data preprocessed in the preprocessing unit; and a profileconfiguration unit configured to make each process of the waveformcollection unit, the preprocessing unit, and the analysis unit into aprocess and make a profile for managing each process by connection ofeach process.
 2. The side channel analysis apparatus of claim 1, whereinthe profile configuration unit makes a side channel analysis task aboutthe target device of the side channel analysis into one project, makes aplurality of profiles in a lower level of the project, and makes awaveform collection process, preprocessing processes, and analysisprocesses in a lower level of each process to connect each other.
 3. Theside channel analysis apparatus of claim 1, wherein the profileconfiguration unit displays parameters used in each process, and driveseach process by the parameters.
 4. The side channel analysis apparatusof claim 3, wherein the process receives a waveform of a previousprocess to generate a new waveform, and inputs the new generatedwaveform to a subsequent process.
 5. A method for analyzing a sidechannel based on a profile, the method comprising: collecting a waveformby collecting leaked information from a target device of the sidechannel analysis; preprocessing a waveform data corresponding to theleaked information collected from the waveform collection unit beforeanalyzing the waveform; analyzing the waveform data preprocessed in thepreprocessing unit; and making each of said collecting a waveform,preprocessing a waveform data, and analyzing the waveform data into aprocess to make a profile.
 6. The method of claim 5, wherein said makinga profile includes: making a side channel analysis task about the targetdevice of the side channel analysis into one project about the sidechannel analysis target equipment; making a plurality of profiles in alower level of the project; and making a waveform collection process,preprocessing processes, and analysis processes in a lower level of eachprofile to connect each other.
 7. The method of claim 5, wherein saidmaking a profile is performed such that parameters used in each processare displayed, and each process is driven by the parameters.
 8. Themethod of claim 7, wherein the process receives the waveform of aprevious process to generate a new waveform, and inputs the newgenerated waveform to a subsequent process.